| TRANSITION (SOURCE => DEST) ISA & CC PROPERTY VALUES | HANDLER ACTION |
|---|---|
| 00 => 00 | NO TRANSITION EXCEPTION |
| 00 => 01 | VECT_xxx_X86_CC EXCEPTION - HANDLER CONVERTS FROM NATIVE TO x86 CONVENTIONS |
| 00 => 1x | VECT_xxx_X86_CC EXCEPTION - HANDLER CONVERTS FROM NATIVE TO x86 CONVENTIONS, SETS UP EXPECTED EMULATOR AND PROFILING STATE |
| 01 => 00 | VECT_xxx_TAP_CC EXCEPTION - HANDLER CONVERTS FROM x86 TO NATIVE CONVENTIONS |
| 01 => 01 | NO TRANSITION EXCEPTION |
| 01 => 1x | VECT_X86_ISA EXCEPTION [CONDITIONAL BASED ON PCW.X86_ISA_ENABLE FLAG] - SETS UP EXPECTED EMULATOR AND PROFILING STATE |
| 1x => 00 | VECT_xxx_TAP_CC EXCEPTION - HANDLER CONVERTS FROM x86 TO NATIVE CONVENTIONS |
| 1x => 01 | VECT_TAP_ISA EXCEPTION [CONDITIONAL BASED ON PCW.TAP_ISA_ENABLE FLAG] - NO CONVENTION CONVERSION NECESSARY |
| 1x => 10 | NO TRANSITION EXCEPTION - [PROFILE COMPLETE POSSIBLE, PROBE POSSIBLE] |
| 1x => 11 | NO TRANSITION EXCEPTION - [PROFILE COMPLETE POSSIBLE, PROBE NOT POSSIBLE] |

| NAME | DESCRIPTION | TYPE |
|---|---|---|
| VECT_call_X86_CC | PUSH ARGS, RETURN ADDRESS, SET UP x86 STATE | FAULT ON TARGET INSTRUCTION |
| VECT_jump_X86_CC | SET UP x86 STATE | FAULT ON TARGET INSTRUCTION |
| VECT_ret_no_fp_X86_CC | RETURN VALUE TO EAX:EDX, SET UP x86 STATE | FAULT ON TARGET INSTRUCTION |
| VECT_ret_fp_X86_CC | RETURN VALUE TO x86 FP STACK, SET UP x86 STATE | FAULT ON TARGET INSTRUCTION |
| VECT_call_TAP_CC | x86 STACK ARGS, RETURN ADDRESS TO REGISTERS | FAULT ON TARGET INSTRUCTION |
| VECT_jump_TAP_CC | x86 STACK ARGS TO REGISTERS | FAULT ON TARGET INSTRUCTION |
| VECT_ret_no_fp_TAP_CC | RETURN VALUE TO RV0 | FAULT ON TARGET INSTRUCTION |
| VECT_ret_any_TAP_CC | RETURN TYPE UNKNOWN, SET UP RV0 AND RVDP | FAULT ON TARGET INSTRUCTION |

[Figure label: DISTINGUISHED TAPESTRY PROCESS 3J1]

FIG. 3B: FLAT 32-BIT "NEAR" ADDRESS SPACE (caller asks: x86? RISC?)

TRANSPARENCY:
- x86 CODE ADHERES TO TRADITIONAL x86 STACK-BASED CONVENTIONS
- RISC USES HIGHER PERFORMANCE REGISTER-BASED CONVENTIONS
- CALLER HAS NO KNOWLEDGE OF CALLEE'S ISA
- CALLEE HAS NO KNOWLEDGE OF ISA TO WHICH IT WILL RETURN

[Figure panel: FLAT 32-BIT "NEAR" ADDRESS SPACE]
- X86-RISC TRANSITION: MAP x86 CALL TO RISC, 322 (FIG. 3H)
- RISC-X86 TRANSITION: MAP x86 RETURN TO RISC, 342 (FIG. 3I)
- NO ISA TRANSITION: NO MAPPING REQUIRED

[Figure panel: FLAT 32-BIT "NEAR" ADDRESS SPACE]
- RISC-X86 TRANSITION: MAP RISC CALL TO x86, 340 (FIG. 3I)
- X86-RISC TRANSITION: MAP RISC RETURN TO x86, 329, 332 (FIG. 3H)
- NO ISA TRANSITION: NO MAPPING REQUIRED

[Figure panel: FLAT 32-BIT "NEAR" ADDRESS SPACE]
- X86-RISC TRANSITION: MAP RISC RETURN TO x86, 329, 332 (FIG. 3H)
- RISC-X86 TRANSITION: MAP RISC CALL TO x86, 343-348 (FIG. 3I)
- NO ISA TRANSITION: NO MAPPING REQUIRED

[Figure panel: FLAT 32-BIT "NEAR" ADDRESS SPACE]
- RISC-X86 TRANSITION: MAP x86 RETURN TO RISC, 342 (FIG. 3I)
- X86-RISC TRANSITION: MAP x86 CALL TO RISC, 322 (FIG. 3H)
- NO ISA TRANSITION: NO MAPPING REQUIRED

[Figure: entry sequence of a function callable from either ISA]

GENERAL ENTRY: XD == 0?
  YES -> x86 PREAMBLE (319, NEED NOT BE INLINE):
    - LOAD REGISTER ARGS
    - FILL-IN RXA (RETURN TRANSFER ARGUMENT AREA)
  NO -> NATIVE ENTRY:
    NATIVE PREAMBLE (317, TYPICALLY VACUOUS):
    - VARARGS
    - AP FOR A VERY BIG ARGUMENT LIST
  (OMIT IF NATIVE ONLY)
FUNCTION BODY (318)
SETUP XD:
  XD <- <DESCRIPTOR_CONSTANT>
  RET

X86-to-Tapestry transition exception handler (320)

// This handler is entered under the following conditions:
// 1. An x86 caller invokes a native function
// 2. An x86 function returns to a native caller
// 3. x86 software returns to or resumes an interrupted native function following
//    an external asynchronous interrupt, a processor exception, or a context switch
dispatch on the two least-significant bits of the destination address {    // 321
  case "00":   // calling a native subprogram (322)
    // copy linkage and stack frame information and call parameters from the memory
    // stack to the analogous Tapestry registers
    LR <- [SP++]        // set up linkage register
    AP <- SP            // address of first argument
    SP <- SP - 8        // allocate return transfer argument area (327)
    SP <- SP & (-32)    // round the stack pointer down to a 0 mod 32 boundary
    XD <- 0             // inform callee that caller uses x86 calling conventions (328)

  case "01":   // resuming an x86 thread suspended during execution of a native routine
    if the redundant copies of the save slot number in EAX and EDX do not match, or if
       the redundant copies of the timestamp in EBX:ECX and ESI:EDI do not match {    // 371
      // some form of bug or thread corruption has been detected
      goto TAPESTRY_CRASH_SYSTEM( thread-corruption-error-code )    // 372
    }
    save the EBX:ECX timestamp in a 64-bit exception handler temporary register    // 373
      (this will not be overwritten during restoration of the full native context)
    use save slot number in EAX to locate actual save slot storage    // 374
    restore full entire native context (includes new values for all x86 registers)    // 375
    if save slot's timestamp does not match the saved timestamp {    // 376
      // save slot has been reallocated; save slot exhaustion has been detected
      goto TAPESTRY_CRASH_SYSTEM( save-slot-overwritten-error-code )    // 377
    }
    free the save slot    // 378

  case "10":   // returning from x86 callee to native caller, result already in registers
    RV0<63:32> <- edx<31:00>    // in case result is 64 bits (333)
    convert the FP top-of-stack value from 80-bit x86 form to 64-bit form in RVDP    // 334
    SP <- ESI    // restore SP from time of call (337)

  case "11":   // returning from x86 callee to native caller, load large result from memory
    RV0..RV3 <- load 32 bytes from [ESI-32]    // (guaranteed naturally aligned)
    SP <- ESI    // restore SP from time of call

  EPC <- EPC & -4    // reset the two low-order bits to zero
}
RFE    // 338

Tapestry-to-X86 transition exception handler (340)

// This handler is entered under the following conditions:
// 1. a native caller invokes an x86 function
// 2. a native function returns to an x86 caller
switch on XD<3:0> {    // 341
  XD_RET_FP:   // result type is floating point
    F0/F1 <- FINFLATE( RVDP )        // x86 FP results are 80 bits
    SP <- from RXA save              // discard RXA, pad, args
    FPCW <- image after FINIT & push // FP stack has 1 entry
    goto EXIT

  XD_RET_WRITEBACK:   // store result to @RVA, leave RVA in eax
    RVA <- from RXA save             // address of result area
    copy decode(XD<8:4>) bytes from RV0..RV3 to [RVA]    // 342
    eax <- RVA                       // x86 expects RVA in eax
    SP <- from RXA save              // discard RXA, pad, args
    FPCW <- image after FINIT        // FP stack is empty
    goto EXIT

  XD_RET_SCALAR:   // result in eax:edx
    edx<31:00> <- eax<63:32>         // in case result is 64 bits
    SP <- from RXA save              // discard RXA, pad, args
    FPCW <- image after FINIT        // FP stack is empty
    goto EXIT

  XD_CALL_HIDDEN_TEMP:   // allocate 32 byte aligned hidden temp (343)
    esi <- SP                        // stack cut back on return
    SP <- SP - 32                    // allocate max size temp (344)
    RVA <- SP                        // RVA consumed later by RR
    LR<1:0> <- "11"                  // flag address for return & reload
    goto CALL_COMMON                 // 345

  default:   // remaining XD_CALL_xxx encodings
    esi <- SP                        // stack cut back on return
    LR<1:0> <- "10"                  // flag address for return

  CALL_COMMON:   // 346, 347
    interpret XD to push and/or reposition args
    [--SP] <- LR                     // push LR as return address

  EXIT:
    setup emulator context and profiling ring buffer pointer    // 349
    RFE                              // to original target
}

FIG. 3I

interrupt/exception handler of Tapestry operating system (350):

// Control vectors here when a synchronous exception or asynchronous interrupt is to be
// exported to / manifested in an x86 machine.
// The interrupt is directed to something within the virtual x86, and thus there is a possibility
// that the x86 operating system will context switch. So we need to distinguish two cases:
// either the running process has only x86 state that is relevant to save, or
// there is extended state that must be saved and associated with the current machine context
// (e.g., extended state in a Tapestry library call on behalf of a process managed by the x86 OS)
if execution was interrupted in the converter - EPC.ISA == X86 {    // 351
  // no dependence on extended/native state possible, hence no need to save any
  goto EM86_Deliver_Interrupt( interrupt-byte )
} else if EPC.Taxi_Active {
  // A Taxi translated version of some x86 code was running. Taxi will rollback to an
  // x86 instruction boundary. Then, if the rollback was induced by an asynchronous external
  // interrupt, Taxi will deliver the appropriate x86 interrupt. Else, the rollback was induced
  // by a synchronous event so Taxi will resume execution in the converter, retriggering the
  // exception but this time with EPC.ISA == X86
  goto TAXi_Rollback( asynchronous-flag, interrupt-byte )
} else if EPC.EM86 {
  // The emulator has been interrupted. The emulator is coded to allow for such
  // conditions and permits re-entry during long running routines (e.g. far call through a gate)
  // to deliver external interrupts
  goto EM86_Deliver_Interrupt( interrupt-byte )
} else {
  // This is the most difficult case - the machine was executing native Tapestry code on
  // behalf of an x86 thread. The x86 operating system may context switch. We must save
  // all native state and be able to locate it again when the x86 thread is resumed.    // 361
  allocate a free save slot; if unavailable free the save slot with oldest timestamp and try again
  save the entire native state (both the x86 and the extended state)    // 362
  save the x86 EIP in the save slot    // 363
  overwrite the two low-order bits of EPC with "01" (will become x86 interrupt EIP)
  store the 64-bit timestamp in the save slot, in the x86 EBX:ECX register pair (and,
     for further security, store a redundant copy in the x86 ESI:EDI register pair)
  store the number of the allocated save slot in the x86 EAX register (and, again for
     further security, store a redundant copy in the x86 EDX register)
  goto EM86_Deliver_Interrupt( interrupt-byte )
}

#include <stdint.h>
#include <stdbool.h>
typedef uint64_t timestamp_t;           // assumed: the page uses timestamp_t without defining it
typedef struct save_slot save_slot_t;   // forward declaration so a slot can link to its neighbours

struct save_slot {
    save_slot_t *newer;                 // pointer to next-most-recently-allocated save slot
    save_slot_t *older;                 // pointer to next-older save slot
    uint64_t     epc;                   // saved exception PC/IP
    uint64_t     pcw;                   // saved exception PCW (program control word)
    uint64_t     registers[63];         // save the 63 writeable general registers
    // other words of Tapestry context
    timestamp_t  timestamp;             // timestamp to detect buffer overrun
    int          save_slot_ID;          // ID number of the save slot
    bool         save_slot_is_full;     // full/empty flag (357)
};

save_slot_t *save_slot_head;            // pointer to the head of the queue (379a)
save_slot_t *save_slot_tail;            // pointer to the tail of the queue (379b)

system initialization:
    reserve several pages of unpaged memory for save slots
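Added example, not the patent's code: a C model of the save-slot protocol from the interrupt handler above and the EPC<1:0> == 01 resume path of the x86-to-Tapestry handler. Slot count, the x86 register struct, the tick counter and all addresses are constructed; the model shows the redundant-copy check and the timestamp check each rejecting a resume.

```c
/* Added example, not the patent's code: a model of the save-slot scheme.
 * Native state parked on an x86-bound interrupt is tagged with a slot ID and
 * a 64-bit timestamp, both published twice in x86 registers; resumption
 * restores the slot only if both copies and the slot's own timestamp agree. */
#include <stdint.h>
#include <stdbool.h>
#define NSLOTS 3   /* constructed: tiny ring so exhaustion is easy to show */
enum { RESUME_OK = 0, THREAD_CORRUPTION = 1, SLOT_OVERWRITTEN = 2 };
typedef struct { uint64_t timestamp, epc; int id; bool full; } slot_t;
typedef struct { uint32_t eax, edx, ebx, ecx, esi, edi; } x86_regs_t;
static slot_t slots[NSLOTS]; static uint64_t ticks = 1;  /* constructed clock */

/* Take a free slot, else recycle the one with the oldest timestamp. */
static slot_t *alloc_slot(void) {
    slot_t *oldest = &slots[0];
    for (int i = 0; i < NSLOTS; i++) {
        if (!slots[i].full) { slots[i].id = i; return &slots[i]; }
        if (slots[i].timestamp < oldest->timestamp) oldest = &slots[i];
    }
    return oldest;   /* its previous owner can no longer resume safely */
}
/* Interrupt path: save state, publish (id, ts) twice in the x86 registers. */
void suspend_native(uint64_t epc, x86_regs_t *r) {
    slot_t *s = alloc_slot();
    s->full = true; s->epc = epc; s->timestamp = ticks++;
    r->eax = r->edx = (uint32_t)s->id;
    r->ebx = r->esi = (uint32_t)(s->timestamp >> 32);
    r->ecx = r->edi = (uint32_t)s->timestamp;
}
/* Resume path (EPC<1:0> == 01): validate before restoring from the slot. */
int resume_native(const x86_regs_t *r, uint64_t *epc_out) {
    if (r->eax != r->edx || r->ebx != r->esi || r->ecx != r->edi || r->eax >= NSLOTS)
        return THREAD_CORRUPTION;        /* redundant copies disagree */
    uint64_t ts = ((uint64_t)r->ebx << 32) | r->ecx;
    slot_t *s = &slots[r->eax];
    if (!s->full || s->timestamp != ts)
        return SLOT_OVERWRITTEN;         /* slot recycled since the suspend */
    *epc_out = s->epc; s->full = false;  /* restore, then free the slot */
    return RESUME_OK;
}
/* Scenario: NSLOTS+1 suspensions recycle the first slot before its owner resumes. */
int demo_exhaustion(void) {
    x86_regs_t first, other; uint64_t epc = 0;
    suspend_native(0x1000, &first);
    for (int i = 0; i < NSLOTS; i++) suspend_native(0x2000 + i, &other);
    return resume_native(&first, &epc);   /* SLOT_OVERWRITTEN */
}
```

A real implementation would crash the system on either failure, as the handler does; the model returns the error code so the two failure modes can be told apart.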

[Figure panel: RISC (308) side of a cross-ISA call and return]

PREAMBLE (317, 319):
  XD <- RET-DESC
  JALR

HANDLER: RISC TO x86 (340)
  XD CONTAINS RETURN-DESCRIPTOR: INTERPRET XD:
  - REFORMAT/REPOSITION RESULT
  - LOAD FPSW
  - SP <- [SP]    // POP RA & ARGS

HANDLER: x86 TO RISC (320)
  EPC<1:0> == 00:
    LR <- [SP]
    SP <- SP + 4
    AP <- SP
    SP <- SP - 8
    SP <- SP & (-32)
    XD <- 0
  EPC<1:0> == 01:

[Figure panel: FLAT 32-BIT "NEAR" ADDRESS SPACE, interrupt delivered to x86 while native code runs]

INITIATE x86 EXCEP. OR INT.:
  ALLOC FREE OR OLDEST SAVE SLOT
  STORE TIMESTAMP & FULL STATE
  x86 REGS <- SAVE SLOT ID, TIMESTAMP
  EPC<1:0> <- 01
  (316, 306, 302, 306)

HANDLER: x86 TO RISC
  EPC<1:0> == 00:
  EPC<1:0> == 01:
    x86 REGS POINT TO SAVE SLOT
    USING TS VERIFY NO OVERWRITE
    RESTORE FULL STATE
    FREE SAVE SLOT
    EPC<1:0> <- 00

[Figure panel: FLAT 32-BIT "NEAR" ADDRESS SPACE, native call into x86 and the return]

HANDLER: RISC TO x86 (340)
  XD CONTAINS RETURN-DESCRIPTOR:
  XD CONTAINS CALL-DESCRIPTOR:
    ESI <- SP
    INTERPRET XD, REPOSITION ARGS
    LR<1:0> <- 1x PER XD
    PUSH LR AS RA (RET ADDR)

HANDLER: x86 TO RISC (320)
  EPC<1:0> == 00:
  EPC<1:0> == 1x:
    REFORMAT/REPOSITION THE FUNCTION RESULT PER EPC<0>
    SP <- ESI
    EPC<1:0> <- 00

[Figure: profile trace-packet collection across page frames X, Y and Z]
- TIMER EXPIRES HERE, ENABLING COLLECTION OF THE NEXT PROFILE TRACE-PACKET.
- INSTRUCTION STRADDLES PAGE FRAME X INTO FRAME SUCC(X)=Y.
- RFE FROM EMULATOR
- JLT NOT TAKEN (NO PACKET ENTRY)
- PAGE FRAME X, PAGE FRAME Y, PAGE FRAME Z
- JCC'S TAKEN
- FINAL EDGE RECORDED IN 7 ENTRY PROFILE TRACE-PACKET.
- 7 ENTRY TRACE PACKET

| ENTRY | EVENT CODE | DONE ADDR | NEXT ADDR |
|---|---|---|---|
| (packet header) | TIME STAMP | | |
| 1 | RET | x86 CONTEXT | phys X:f |
| 2 | NEW PAGE | phys Y:g | phys Y:h |
| 3 | JCC FORWARD | phys Y:i | phys Y:k |
| 4 | JNZ BACKWARD | phys Y:l | phys X:a |
| 5 | SEQ; ENV CHANGE | x86 CONTEXT | phys X:b |
| 6 | IP-REL NEAR CALL | phys X:c | phys Z:d |
| 7 | NEAR RET | phys Z:e | phys X:f |

Columns, with the figure's reference numerals: EVENT CODE (404); EVENT (CONVERTER EDGE ENTRY) (410); REUSE EVENT (CONTEXT AT POINT ENTRY) (412); PROFILEABLE EVENT (414); INITIATE PACKET (416); PROBEABLE EVENT (418); PROBE EVENT BIT = ITLB PROBE ATTRIBUTE (610) AND/OR EMULATOR PROBE (612).

| EVENT CODE | EVENT | REUSE EVENT | PROFILEABLE EVENT | INITIATE PACKET | PROBEABLE EVENT | PROBE EVENT BIT |
|---|---|---|---|---|---|---|
| 0.0000 | DEFAULT (x86 TRANSPARENT) EVENT, REUSE ALL CONVERTER VALUES | YES | NO | REUSE EVENT CODE | - | - |
| 0.0001 | SIMPLE x86 INSTRUCTION COMPLETION (REUSE EVENT CODE) | YES | NO | REUSE EVENT CODE | - | - |
| 0.0010 | PROBE EXCEPTION FAILED | YES | NO | REUSE EVENT CODE | - | - |
| 0.0011 | PROBE EXCEPTION FAILED, RELOAD PROBE TIMER | YES | NO | REUSE EVENT CODE | - | - |
| 0.0100 | RUSH EVENT | NO | NO | NO | NO | - |
| 0.0101 | SEQUENTIAL; EXECUTION ENVIRONMENT CHANGED - FORCE EVENT | NO | YES | NO | NO | - |
| 0.0110 | FAR RET | NO | YES | YES | NO | - |
| 0.0111 | IRET | NO | YES | NO | NO | - |
| 0.1000 | FAR CALL | NO | YES | YES | YES | FAR CALL |
| 0.1001 | FAR JMP | NO | YES | YES | NO | - |
| 0.1010 | SPECIAL; EMULATOR EXECUTION, SUPPLY EXTRA INSTRUCTION DATA | NO | YES | NO | NO | - |
| 0.1011 | ABORT PROFILE COLLECTION | NO | NO | NO | NO | - |
| 0.1100 | x86 SYNCHRONOUS/ASYNCHRONOUS INTERRUPT W/PROBE (GRP 0) | NO | YES | YES | YES | EMULATOR PROBE |
| 0.1101 | x86 SYNCHRONOUS/ASYNCHRONOUS INTERRUPT (GRP 0) | NO | YES | YES | NO | - |
| 0.1110 | x86 SYNCHRONOUS/ASYNCHRONOUS INTERRUPT W/PROBE (GRP 1) | NO | YES | YES | YES | EMULATOR PROBE |
| 0.1111 | x86 SYNCHRONOUS/ASYNCHRONOUS INTERRUPT (GRP 1) | NO | YES | YES | NO | - |
| 1.0000 | IP-RELATIVE JNZ FORWARD (OPCODE: 75, 0F 85) | NO | YES | YES | NO | - |
| 1.0001 | IP-RELATIVE JNZ BACKWARD (OPCODE: 75, 0F 85) | NO | YES | YES | YES | JNZ |
| 1.0010 | IP-RELATIVE CONDITIONAL JUMP FORWARD (JCC, JCXZ, LOOP) | NO | YES | YES | NO | - |
| 1.0011 | IP-RELATIVE CONDITIONAL JUMP BACKWARD (JCC, JCXZ, LOOP) | NO | YES | YES | YES | COND JUMP |
| 1.0100 | IP-RELATIVE, NEAR JMP FORWARD (OPCODE: E9, EB) | NO | YES | YES | NO | - |
| 1.0101 | IP-RELATIVE, NEAR JMP BACKWARD (OPCODE: E9, EB) | NO | YES | YES | YES | NEAR JUMP |
| 1.0110 | RET/RET IMM16 (OPCODE: C3, C2 iw) | NO | YES | YES | NO | - |
| 1.0111 | IP-RELATIVE, NEAR CALL (OPCODE: E8) | NO | YES | YES | YES | NEAR CALL |
| 1.1000 | REPE/REPNE CMPS/SCAS (OPCODE: A6, A7, AE, AF) | NO | YES | NO | NO | - |
| 1.1001 | REP MOVS/STOS/LODS (OPCODE: A4, A5, AA, AB, AC, AD) | NO | YES | NO | NO | - |
| 1.1010 | INDIRECT NEAR JMP (OPCODE: FF /4) | NO | YES | YES | NO | - |
| 1.1011 | INDIRECT NEAR CALL (OPCODE: FF /2) | NO | YES | YES | YES | NEAR CALL |
| 1.1100 | LOAD FROM I/O MEMORY (TLB ASI N) (NOT USED IN T1) | NO | YES | NO | NO | - |
| 1.1101 | AVAILABLE FOR EXPANSION | NO | NO | NO | NO | - |
| 1.1110 | DEFAULT CONVERTER EVENT; SEQUENTIAL (406) | NO | NO | NO | NO | - |
| 1.1111 | NEW PAGE (INSTRUCTION ENDS ON LAST BYTE OF A PAGE FRAME OR STRADDLES ACROSS A PAGE FRAME BOUNDARY) (408) | NO | YES | NO | NO | - |
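Added example, not the patent's code: a C model of how the PROFILEABLE EVENT and INITIATE PACKET attributes in the table above, together with the profile timer, drive collection of a 7-entry trace packet like the one shown earlier. The attribute subset, the event stream and all addresses are constructed for the demo.

```c
/* Added example, not the patent's code: a model of profile trace-packet
 * collection driven by the event-code table above. Once the profile timer has
 * expired, an "initiate packet" event opens a packet, each profileable event
 * adds an entry, and the packet closes at 7 entries. All data is constructed. */
#include <stdbool.h>
#define PACKET_ENTRIES 7
enum { PROFILEABLE = 1, INITIATE = 2, PROBEABLE = 4 };
typedef struct { int code; int attr; } event_attr_t;
static const event_attr_t table[] = {   /* code = the table's five bits */
    {0x16, PROFILEABLE | INITIATE},             /* 1.0110 RET             */
    {0x1f, PROFILEABLE},                        /* 1.1111 NEW PAGE        */
    {0x12, PROFILEABLE | INITIATE},             /* 1.0010 JCC FORWARD     */
    {0x11, PROFILEABLE | INITIATE | PROBEABLE}, /* 1.0001 JNZ BACKWARD    */
    {0x05, PROFILEABLE},                        /* 0.0101 SEQ; ENV CHANGE */
    {0x17, PROFILEABLE | INITIATE | PROBEABLE}, /* 1.0111 NEAR CALL       */
    {0x1e, 0},                                  /* 1.1110 SEQUENTIAL      */
};
typedef struct { int code; unsigned done, next; } entry_t;
typedef struct { bool timer_expired, open; int n; entry_t e[PACKET_ENTRIES]; } profiler_t;
static int attr_of(int code) {
    for (unsigned i = 0; i < sizeof table / sizeof table[0]; i++)
        if (table[i].code == code) return table[i].attr;
    return 0;   /* unknown code: neither profileable nor packet-initiating */
}
/* Feed one converter event; returns true when it completed a 7-entry packet. */
bool profile_event(profiler_t *p, int code, unsigned done, unsigned next) {
    int a = attr_of(code);
    if (!p->open) {   /* no packet open: need an expired timer and an initiator */
        if (!p->timer_expired || !(a & INITIATE)) return false;
        p->open = true; p->n = 0; p->timer_expired = false;
    }
    if (!(a & PROFILEABLE)) return false;   /* e.g. not-taken branch: no entry */
    p->e[p->n++] = (entry_t){code, done, next};
    if (p->n < PACKET_ENTRIES) return false;
    p->open = false;   /* final edge recorded: packet complete */
    return true;
}
/* Scenario after the figure: the first event precedes timer expiry, one
 * sequential event adds no entry, and the seventh edge closes the packet. */
int demo_packet(void) {
    profiler_t p = {0};
    static const int stream[] = {0x17, 0x16, 0x1f, 0x1e, 0x12, 0x11, 0x05, 0x17, 0x16, 0x1e};
    int completed = 0;
    for (unsigned i = 0; i < sizeof stream / sizeof stream[0]; i++) {
        if (i == 1) p.timer_expired = true;   /* timer expires before the RET */
        if (profile_event(&p, stream[i], 0x1000 + i, 0x2000 + i)) completed++;
    }
    return completed;   /* exactly one packet, closed at the second RET */
}
```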